12
Policy and Static Routes
This chapter shows you how to configure policies for IP routing and static routes on your ZyWALL. See Section 5.4.10 on page 117 for related information on the policy route screens.
12.1 Policy Route
Traditionally, routing is based on the destination address only and the ZyWALL takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator.
12.1.1Benefits
•
•Bandwidth Shaping – Organizations can allocate bandwidth to traffic that matches the routing policy and prioritize traffic.
•Cost Savings – IPPR allows organizations to distribute interactive traffic on high- bandwidth,
•Load Sharing – Network administrators can use IPPR to distribute traffic among multiple paths.
•NAT - The ZyWALL performs NAT by default for traffic going to or from the ge1 interface. Routing policy’s SNAT allows network administrators to have traffic received on a specified interface use a specified IP address as the source IP address.
12.2 Routing Policy
Individual routing policies are used as part of the overall IPPR process. A policy defines the matching criteria and the action to take when a packet meets the criteria. The action is taken only when all the criteria are met. The criteria can include the user name, source address and incoming interface, destination address, schedule, IP protocol (ICMP, UDP, TCP, etc.) and port.
The actions that can be taken include:
•Routing the packet to a different gateway, outgoing interface, VPN tunnel, or trunk.
•Limiting the amount of bandwidth available and setting a priority for traffic.
| 225 |
ZyWALL USG 1000 User’s Guide | |
|
|